Simple, transparent pricing

Scan your web applications on autopilot. Start with a 14-day free trial on the Business plan — no credit card required.

Billing: Monthly or Annual (save 17%)
Starter
For individuals and solo developers
Fr. 39/month
  • 1 target URL
  • 30+ security checks (OWASP Top 10)
  • Scan history & reports
  • Email notifications
  • Scheduled scans
  • AI security report
  • Team collaboration
  • Diff comparison & trends
  • Integrations
Professional
For security teams with many assets
Fr. 249/month
  • 15 target URLs
  • 30+ security checks (OWASP Top 10)
  • Scan history & reports
  • Email notifications
  • Scheduled scans
  • AI security report
  • Team collaboration (any domain)
  • Diff comparison & trends
  • OWASP Top 10 report
  • Finding retest (Verify Fix)
  • Webhooks & Slack alerts
  • Jira & GitHub auto-ticketing
  • Path exclusions
Enterprise
Unlimited targets, custom SLA
Custom
  • Unlimited targets
  • 30+ security checks (OWASP Top 10)
  • Scan history & reports
  • Email notifications
  • Scheduled scans
  • Team collaboration
  • Diff comparison & trends

Frequently asked questions

A target URL is a domain or subdomain you want to scan, e.g. https://app.yourcompany.com. Each plan allows a certain number of unique target domains. Scanning the same domain multiple times counts as one target.

No. GotthardAI runs fully automated scans and generates plain-language reports with remediation guidance. No security expertise required — the AI report explains every finding in plain language with concrete fix steps.

Yes — the scanner is designed to be low-impact. Active probes are sent once and are non-destructive. You can enable Passive Only mode to skip active probes entirely, or use Path Exclusions to protect specific endpoints.

You can still run scans on existing targets. To add new targets, upgrade your plan. Deleting scan history does not free up a slot.

Yes. Cancel from your Stripe billing portal at any time. You keep access until the end of your billing period. No long-term contracts.

Sign up at gotthardai.com/signup — no credit card required. You get full access to the Business plan for 14 days. After the trial, choose a plan to keep your data and settings, or let it expire. Nothing is charged automatically.

Business and Professional plans include Jira (auto-create issues for High/Critical findings), GitHub Issues (same), Slack (via incoming webhooks), and custom webhooks with HMAC-SHA256 signing. All integrations deduplicate — rescanning the same target never creates duplicate tickets.

Yes — GotthardAI covers 8 of 10 OWASP Top 10 2021 categories (A01 through A03, A05 through A08, and A10). Every scan report includes an OWASP coverage map showing which categories were tested, which had findings, and which were clean. A04 (Insecure Design) and A09 (Logging Failures) require manual review and are marked as not tested.